Aggregator
Alleged Data Sale of Municipality of Canegrate
GitLab security advisory (AV25-584)
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
CVE-2024-27917 | Shopware Platform/Storefront 404 Page cache containing sensitive information
CVE-2024-31447 | Shopware Security Plugin up to 6.5.8.7/6.6.1.0 on Symfony logout session expiration
CVE-2024-34350 | vercel next.js up to 13.5.0 HTTP Request request smuggling
CVE-2024-34351 | vercel next.js up to 14.1.0 server-side request forgery
CVE-2024-51752 | workos authkit-nextjs up to 0.13.1 log file
CVE-2024-51479 | vercel next.js up to 14.2.14 improper authorization (GHSA-7gfc-8cq8-jh5f)
CVE-2024-56332 | vercel next.js up to 13.5.7/14.2.20/15.1.1 HTTP Request allocation of resources (GHSA-7m27-7ghc-44w9)
CVE-2025-30150 | Shopware up to 6.5.8.17/6.6.10.3/6.7.0.0-rc1 API Endpoint recovery-password observable response discrepancy (GHSA-hh7j-6x3q-f52h)
CVE-2025-30151 | Shopware up to 6.5.8.17/6.6.10.3/6.7.0.0-rc1 Long Password denial of service (GHSA-cgfj-hj93-rmh2)
CVE-2025-32378 | Shopware prior 6.5.8.17/6.6.10.3/6.7.0.0-rc2 Newsletter improper control of interaction frequency (GHSA-4h9w-7vfp-px8m)
CVE-2025-29927 | vercel Next.js up to 14.2.24/15.2.2 Header x-middleware-subrequest improper authorization (GHSA-f82v-jwr5-mffw / EDB-52124)
Pixel 10 fights AI fakes with new Android photo verification tech
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
SecWiki News 2025-09-10 Review
更多最新文章,请访问SecWiki
UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says
Security investigators from Google said UNC6395 hackers spent several months running through Salesloft and Drift systems before launching a data breach campaign that some security researchers say has targeted hundreds of technology and other companies.
The post UNC6395 Hackers Accessed Systems via a GitHub Account, Salesloft Says appeared first on Security Boulevard.
Patch Tuesday Update – September 2025
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 86 CVEs, including 5 republished CVEs. Overall, Microsoft announced 2 Zero-Day, 9 Critical, and 73 Important vulnerabilities. From an Impact perspective, Escalation of Privilege vulnerabilities accounted for 44%, while Remove Code Execution for 27% and Information Disclosure for 16%. Patches for this month …
The post Patch Tuesday Update – September 2025 appeared first on Security Boulevard.